TM Authentication on Windows, Active Directory or LDAP

TM now supports user login using Windows credentials.

To test this feature, there is a new checkbox available on the Login Popup:

When selected, this option checks the user's credentials against Windows (instead of TM's own user database). Note that this is not using IIS Windows Authentication. The user name and password are sent to the server (SSL is recommended) and the authentication check occurs using .NET 3.5's System.DirectoryServices.AccountManagement classes.

Note how the logged-in user is now tmUser:

At the moment there is a requirement (which could be changed) that there is a user account in the TM users database with the same name as the Windows login account.

For reference, here is the code that implements the Windows login. It is currently set to use the accounts of the local Windows server, but as the commented code shows, this can easily be changed to use an Active Directory domain or an LDAP server.

using System;
using System.DirectoryServices.AccountManagement;

namespace SecurityInnovation.TeamMentor.Authentication
{
    public class WindowsAndLDAP
    {
        // Returns a new TM session Guid when the Windows credentials are valid,
        // or Guid.Empty when they are not.
        public static Guid loginOnLocalMachine(string username, string password)
        {
            if (authenticateOnLocalMachiche(username, password))
                return username.registerUserSession(Guid.NewGuid());
            else
                return Guid.Empty;
        }

        // Validates the credentials against the local machine's account store.
        public static bool authenticateOnLocalMachiche(string username, string password)
        {
            bool valid = false;
            using (PrincipalContext context = new PrincipalContext(ContextType.Machine))
            {
                valid = context.ValidateCredentials(username, password);
            }
            return valid;
        }

        // Modify the ContextType.* to authenticate against an Active Directory domain (or LDAP)
        /*public static bool authenticateOnLocalMachiche(string username, string password)
        {
            bool valid = false;
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
            {
                valid = context.ValidateCredentials(username, password);
            }
            return valid;
        }*/
    }
}
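A stricter variant of the credential check above, as an added example that is not TeamMentor's own code: it rejects empty credentials before calling the directory, enforces the matching-TM-user requirement first, and confirms the account resolves to an enabled user. The names HardenedWindowsLogin, Authenticate and tmUserExists are hypothetical, and the TM user lookup is passed in as a delegate because the post does not show that API.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added example (assumption-based), not part of TeamMentor.
public static class HardenedWindowsLogin
{
    // type: ContextType.Machine or ContextType.Domain.
    // name: null for the local machine / current domain, or a domain name.
    // tmUserExists: hypothetical lookup into the TM users database.
    public static bool Authenticate(ContextType type, string name,
                                    string username, string password,
                                    Func<string, bool> tmUserExists)
    {
        // Never pass null or empty values to the directory: ValidateCredentials
        // validates the process's own default credentials when both are null,
        // and an LDAP simple bind with an empty password is unauthenticated.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        // The post's requirement: a TM account with the same name must exist.
        if (!tmUserExists(username))
            return false;

        // Be explicit about the bind: signed and sealed for a domain.
        ContextOptions options = type == ContextType.Machine
            ? ContextOptions.Negotiate
            : ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;

        using (var context = new PrincipalContext(type, name))
        {
            if (!context.ValidateCredentials(username, password, options))
                return false;

            // Only accept names that resolve to a real, enabled account.
            using (var user = UserPrincipal.FindByIdentity(
                       context, IdentityType.SamAccountName, username))
                return user != null && user.Enabled.GetValueOrDefault(false);
        }
    }

    public static void Main()
    {
        // Constructed stand-in for the TM users database.
        Func<string, bool> tmUsers =
            n => n.Equals("tmUser", StringComparison.OrdinalIgnoreCase);
        // Both calls are refused before any directory call is made.
        Console.WriteLine(Authenticate(ContextType.Machine, null, "tmUser", "", tmUsers));
        Console.WriteLine(Authenticate(ContextType.Machine, null, "other", "x", tmUsers));
    }
}
```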

About Dinis Cruz

Dinis Cruz is the main developer of the OWASP O2 Platform and TeamMentor